Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.


Project: tomcat11-config

com.github.hazendaz.tomcat:tomcat11-config:11.0.0

Summary

Display: Showing Vulnerable Dependencies

Dependency | Vulnerability IDs | Package | Highest Severity | CVE Count | Confidence | Evidence Count
checker-qual-3.46.0.jar | - | pkg:maven/org.checkerframework/checker-qual@3.46.0 | - | 0 | - | 44
error_prone_annotations-2.31.0.jar | - | pkg:maven/com.google.errorprone/error_prone_annotations@2.31.0 | - | 0 | - | 29
j2objc-annotations-3.0.0.jar | - | pkg:maven/com.google.j2objc/j2objc-annotations@3.0.0 | - | 0 | - | 33
jsr305-3.0.2.jar | - | pkg:maven/com.google.code.findbugs/jsr305@3.0.2 | - | 0 | - | 17
lombok-1.18.34.jar: mavenEcjBootstrapAgent.jar | - | - | - | 0 | - | 7
lombok-1.18.34.jar | - | pkg:maven/org.projectlombok/lombok@1.18.34 | - | 0 | - | 36
modernizer-maven-annotations-2.9.0.jar | - | pkg:maven/org.gaul/modernizer-maven-annotations@2.9.0 | - | 0 | - | 19
spotbugs-annotations-4.8.6.jar | - | pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6 | - | 0 | - | 53
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: annotations-api.jar | cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:* | - | CRITICAL* | 31 | Medium | 29
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: bootstrap.jar | cpe:2.3:a:apache:tomcat:11.0.0:*:*:*:*:*:*:* | - | HIGH* | 8 | Highest | 16
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: catalina-ant.jar | cpe:2.3:a:apache:ant:11.0.0:*:*:*:*:*:*:*, cpe:2.3:a:apache:tomcat:11.0.0:*:*:*:*:*:*:* | - | HIGH* | 8 | High | 14
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: catalina-ha.jar | cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:* | - | - | 0 | Highest | 22
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: catalina.jar | cpe:2.3:a:apache:tomcat:11.0.0:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:* | - | HIGH* | 8 | Highest | 20
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: commons-daemon.jar | cpe:2.3:a:apache:apache_commons_daemon:1.4.0:*:*:*:*:*:*:* | pkg:maven/commons-daemon/commons-daemon@1.4.0 | - | 0 | Low | 84
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: ecj-4.33.jar | - | - | - | 0 | - | 31
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: el-api.jar | cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:* | - | CRITICAL* | 71 | Medium | 20
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: jakartaee-migration-1.0.8-shaded.jar | cpe:2.3:a:apache_tomcat:apache_tomcat:1.0.8:*:*:*:*:*:*:* | pkg:maven/org.apache.tomcat/jakartaee-migration@1.0.8 | - | 0 | Highest | 32
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: jasper-el.jar | cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:* | - | - | 0 | Low | 26
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: jasper.jar | cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:* | - | - | 0 | Highest | 20
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: jaspic-api.jar | cpe:2.3:a:apache:tomcat:3.1:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:* | - | CRITICAL* | 32 | Medium | 36
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: jsp-api.jar | cpe:2.3:a:apache:tomcat:4.0.0:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:* | - | CRITICAL* | 30 | Medium | 39
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: sample.war | - | - | - | 0 | - | 8
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: servlet-api.jar | cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:* | - | HIGH* | 6 | High | 40
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: taglibs-standard-impl-1.2.5-migrated-0.0.1.jar | cpe:2.3:a:apache:standard_taglibs:1.2.5:*:*:*:*:*:*:* | pkg:maven/org.apache.taglibs/taglibs-standard-impl@1.2.5 | - | 0 | Highest | 52
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: tomcat-api.jar | cpe:2.3:a:apache:tomcat:11.0.0:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:* | - | HIGH* | 8 | Highest | 18
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: tomcat-i18n-cs.jar | cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:* | - | HIGH* | 6 | High | 9
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: tomcat-juli.jar | cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:* | - | - | 0 | Highest | 18
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: websocket-api.jar | cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:* | - | HIGH* | 6 | High | 22
tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: websocket-client-api.jar | cpe:2.3:a:apache:tomcat:11.0.0:*:*:*:*:*:*:*, cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:* | - | HIGH* | 8 | Medium | 16

* indicates the dependency has a known exploited vulnerability
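Reading the summary, the scanner has matched several API jars inside the Tomcat 11.0.0 bundle to CPEs for other Tomcat releases: annotations-api.jar to apache:tomcat:3.0, el-api.jar to 6.0.0, jaspic-api.jar to 3.1, jsp-api.jar to 4.0.0, and servlet-api.jar, tomcat-i18n-cs.jar and websocket-api.jar to the 11.0.0 milestone1 pre-release. The CVEs then attached to annotations-api.jar run from 2000 to 2020 and, where they name a version, name Tomcat 3.x to 9.x. The script below is an added example, not part of this report, of the scanned project, or of the Dependency-Check code base. It runs that triage on a constructed subset of the scan written in the shape of the tool's JSON report (the fileName, sha1, packages and vulnerabilityIds field names are assumed; this page shows only the HTML rendering), flags every CPE whose version or update tag disagrees with the artifact's own version, and writes a suppression file pinned to each jar's SHA-1. A version mismatch is a candidate, not a verdict: jakartaee-migration-1.0.8-shaded.jar is matched to apache_tomcat:apache_tomcat:1.0.8, where the version agrees and the product does not, and a version check cannot see that. Confirm each CVE's affected range (the descriptions below state them) before committing a suppression.

```python
"""Version-agreement triage for Dependency-Check CPE matches.

Added example; not part of this report, of the scanned project, or of the
OWASP Dependency-Check code base. The JSON-report field names used here
(fileName, sha1, packages, vulnerabilityIds) are assumed.
"""
import re
import xml.etree.ElementTree as ET

SUPPRESSION_NS = "https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd"
VERSION_RE = re.compile(r"-(\d+(?:\.\d+)+)")  # "-11.0.0" in tomcat-11.0.0.tar.gz


def _dep(file_name, sha1, cpes, purl=None):
    """Build one dependency record in (assumed) JSON-report shape."""
    return {"fileName": file_name, "sha1": sha1,
            "packages": [{"id": purl}] if purl else [],
            "vulnerabilityIds": [{"id": c} for c in cpes]}


TAR = "tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: "
FAKE_SHA1 = "0" * 40  # placeholder: the report page does not print these jars' hashes
# Constructed rows copied from the summary table; the annotations-api SHA-1 is the real one.
SAMPLE_REPORT = {"dependencies": [
    _dep(TAR + "annotations-api.jar", "d5c1c4c4d54f412e3d1078034a71a1bc883ded06",
         ["cpe:2.3:a:apache:tomcat:3.0:*:*:*:*:*:*:*",
          "cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:*"]),
    _dep(TAR + "commons-daemon.jar", FAKE_SHA1,
         ["cpe:2.3:a:apache:apache_commons_daemon:1.4.0:*:*:*:*:*:*:*"],
         purl="pkg:maven/commons-daemon/commons-daemon@1.4.0"),
    _dep(TAR + "el-api.jar", FAKE_SHA1,
         ["cpe:2.3:a:apache:tomcat:6.0.0:*:*:*:*:*:*:*",
          "cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:*"]),
    _dep(TAR + "jakartaee-migration-1.0.8-shaded.jar", FAKE_SHA1,
         ["cpe:2.3:a:apache_tomcat:apache_tomcat:1.0.8:*:*:*:*:*:*:*"],
         purl="pkg:maven/org.apache.tomcat/jakartaee-migration@1.0.8"),
    _dep(TAR + "servlet-api.jar", FAKE_SHA1,
         ["cpe:2.3:a:apache:tomcat:11.0.0:milestone1:*:*:*:*:*:*",
          "cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:*"]),
]}


def parse_cpe(cpe):
    """Split a CPE 2.3 string into (vendor, product, version, update)."""
    parts = cpe.split(":")
    if len(parts) < 7 or parts[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 string: {cpe}")
    return parts[3], parts[4], parts[5], parts[6]


def cpe23_to_22(cpe):
    """Render the cpe:/a:vendor:product:version[:update] form suppression files use."""
    vendor, product, version, update = parse_cpe(cpe)
    return f"cpe:/a:{vendor}:{product}:{version}" + ("" if update == "*" else f":{update}")


def expected_version(dep):
    """Best available artifact version: the Maven purl if the scanner resolved one,
    else a version embedded in the jar name, else the outermost archive's version."""
    for pkg in dep.get("packages", []):
        if "@" in pkg.get("id", ""):
            return pkg["id"].rsplit("@", 1)[1]
    segments = [s.strip() for s in dep["fileName"].split(":")]
    for name in (segments[-1], segments[0]):
        found = VERSION_RE.search(name)
        if found:
            return found.group(1)
    return None


def find_version_mismatches(report):
    """CPE identifications whose version or update tag disagrees with the artifact.
    A hit is a false-positive candidate, not a verdict: a wrong product carrying a
    coincidentally right version (jakartaee-migration above) is not detected."""
    hits = []
    for dep in report["dependencies"]:
        have = expected_version(dep)
        if have is None:
            continue
        for ident in dep.get("vulnerabilityIds", []):
            cpe = ident["id"]
            _, _, version, update = parse_cpe(cpe)
            if version != have or update != "*":
                hits.append({"fileName": dep["fileName"], "sha1": dep["sha1"], "cpe": cpe,
                             "cpe_version": version if update == "*" else f"{version}:{update}",
                             "artifact_version": have})
    return hits


def build_suppressions(hits):
    """One <suppress> per hit, pinned to the file's SHA-1 so the rule cannot
    silently carry over to a future, genuinely vulnerable build of the jar."""
    root = ET.Element("suppressions", xmlns=SUPPRESSION_NS)
    for h in hits:
        rule = ET.SubElement(root, "suppress")
        ET.SubElement(rule, "notes").text = (
            f"{h['fileName'].split(': ')[-1]} is version {h['artifact_version']}; "
            f"CPE version {h['cpe_version']} is a mis-identification.")
        ET.SubElement(rule, "sha1").text = h["sha1"]
        ET.SubElement(rule, "cpe").text = cpe23_to_22(h["cpe"])
    return ET.tostring(root, encoding="unicode")
```

The cpe element of a suppression rule matches by prefix, so the rule keeps the full version (cpe:/a:apache:tomcat:3.0) rather than cpe:/a:apache:tomcat, which would also hide a genuine Tomcat match on the same file; pinning on sha1 makes the rule stop applying as soon as the jar changes. The report's own "Suppressing false positives" documentation covers the other selectors (packageUrl, gav, filePath, cve) for cases where a hash pin is too narrow.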

Dependencies (vulnerable)

checker-qual-3.46.0.jar

Description:

checker-qual contains annotations (type qualifiers) that a programmer writes to specify Java code for type-checking by the Checker Framework.

License:

The MIT License: http://opensource.org/licenses/MIT
File Path: C:\Users\Jeremy\.m2\repository\org\checkerframework\checker-qual\3.46.0\checker-qual-3.46.0.jar
MD5: 5436ae3f8b4e1dfece73580a232ba98d
SHA1: 829954afc56f1737a1df3ab5aa889de574b97cc4
SHA256: 4bc77a172279304c3f35045d6b9c8492780f047e5ad9919d77431caf29e44401
Referenced In Project/Scope: tomcat11-config:compile
checker-qual-3.46.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.hazendaz.tomcat/tomcat11-config@11.0.0

Identifiers

error_prone_annotations-2.31.0.jar

Description:

Error Prone is a static analysis tool for Java that catches common programming mistakes at compile-time.

License:

Apache 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\errorprone\error_prone_annotations\2.31.0\error_prone_annotations-2.31.0.jar
MD5: 04641d87b6fd51090da62cfca6be83f4
SHA1: c3ba307b915d6d506e98ffbb49e6d2d12edad65b
SHA256: ba8d20fb1fc181672552b323f3c7549b30be1d57c49dd5835e2729e7647d9cfa
Referenced In Project/Scope: tomcat11-config:provided
error_prone_annotations-2.31.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.hazendaz.tomcat/tomcat11-config@11.0.0

Identifiers

j2objc-annotations-3.0.0.jar

Description:

A set of annotations that provide additional information to the J2ObjC translator to modify the result of translation.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\j2objc\j2objc-annotations\3.0.0\j2objc-annotations-3.0.0.jar
MD5: f59529b29202a5baf37f491ea5ec8627
SHA1: 7399e65dd7e9ff3404f4535b2f017093bdb134c7
SHA256: 88241573467ddca44ffd4d74aa04c2bbfd11bf7c17e0c342c94c9de7a70a7c64
Referenced In Project/Scope: tomcat11-config:provided
j2objc-annotations-3.0.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.hazendaz.tomcat/tomcat11-config@11.0.0

Identifiers

jsr305-3.0.2.jar

Description:

JSR305 Annotations for Findbugs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\com\google\code\findbugs\jsr305\3.0.2\jsr305-3.0.2.jar
MD5: dd83accb899363c32b07d7a1b2e4ce40
SHA1: 25ea2e8b0c338a877313bd4672d3fe056ea78f0d
SHA256: 766ad2a0783f2687962c8ad74ceecc38a28b9f72a2d085ee438b7813e928d0c7
Referenced In Project/Scope: tomcat11-config:provided
jsr305-3.0.2.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.spotbugs/spotbugs-annotations@4.8.6

Identifiers

lombok-1.18.34.jar: mavenEcjBootstrapAgent.jar

File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.18.34\lombok-1.18.34.jar\lombok\launch\mavenEcjBootstrapAgent.jar
MD5: e5552f93605e20eb4039662ee38ee41a
SHA1: 257946794d3fbaff9023c991de99d6b7a7be8c8d
SHA256: 7f93cde1d476e8d84f51213c52d70eb596fcde669fbd30fbd5a6745346fdde9d
Referenced In Project/Scope: tomcat11-config:provided

Identifiers

  • None

lombok-1.18.34.jar

Description:

Spice up your java: Automatic Resource Management, automatic generation of getters, setters, equals, hashCode and toString, and more!

License:

The MIT License: https://projectlombok.org/LICENSE
File Path: C:\Users\Jeremy\.m2\repository\org\projectlombok\lombok\1.18.34\lombok-1.18.34.jar
MD5: 91ce91dbfa7694bff4ddc1e51643f8b2
SHA1: ec547ef414ab1d2c040118fb9c1c265ada63af14
SHA256: c27d6b2aff56241d1b07fcbcc6b183709e6b432c80f7374eeb1d823e86d4b81a
Referenced In Project/Scope: tomcat11-config:provided
lombok-1.18.34.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.hazendaz.tomcat/tomcat11-config@11.0.0

Identifiers

modernizer-maven-annotations-2.9.0.jar

File Path: C:\Users\Jeremy\.m2\repository\org\gaul\modernizer-maven-annotations\2.9.0\modernizer-maven-annotations-2.9.0.jar
MD5: 638a555dc0ff4c996e8a920215fc8ea4
SHA1: 4de00c50ce237cf7a721ffe907e11f0688538b04
SHA256: baeca9a46aae8dbe8075058726389112382bc60be811e70886fbaba57c68502f
Referenced In Project/Scope: tomcat11-config:provided
modernizer-maven-annotations-2.9.0.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.hazendaz.tomcat/tomcat11-config@11.0.0

Identifiers

spotbugs-annotations-4.8.6.jar

Description:

Annotations the SpotBugs tool supports

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1: https://www.gnu.org/licenses/old-licenses/lgpl-2.1.en.html
File Path: C:\Users\Jeremy\.m2\repository\com\github\spotbugs\spotbugs-annotations\4.8.6\spotbugs-annotations-4.8.6.jar
MD5: 0806b237c67c69869506ce3ced9a722f
SHA1: 1dcffed3e561ed32134a0dff4717f19bc2fdf4d8
SHA256: 4548b74a815ed44f5480ca4f06204a8b00809dc7e5f6a825a9edf18f40377b65
Referenced In Project/Scope: tomcat11-config:provided
spotbugs-annotations-4.8.6.jar is in the transitive dependency tree of the listed items. Included by: pkg:maven/com.github.hazendaz.tomcat/tomcat11-config@11.0.0

Identifiers

tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: annotations-api.jar

License:

https://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\lib\annotations-api.jar
MD5: c766c9e8fcb8858a3fc6da9afb083313
SHA1: d5c1c4c4d54f412e3d1078034a71a1bc883ded06
SHA256: f6095ba9e59ac4d863b242a7a94170c0b21d38e2b218fb2f89bf7e532ba29a39
Referenced In Project/Scope: tomcat11-config:provided

Identifiers

CVE-2016-8735  

CISA Known Exploited Vulnerability:
  • Product: Apache Tomcat
  • Name: Apache Tomcat Remote Code Execution Vulnerability
  • Date Added: 2023-05-12
  • Description: Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.
  • Required Action: Apply updates per vendor instructions.
  • Due Date: 2023-06-02
  • Notes: https://tomcat.apache.org/security-9.html; https://nvd.nist.gov/vuln/detail/CVE-2016-8735

Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3:
  • Base Score: CRITICAL (9.8)
  • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2020-8022  

A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
CWE-276 Incorrect Default Permissions

CVSSv2:
  • Base Score: HIGH (7.2)
  • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3:
  • Base Score: HIGH (7.8)
  • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A

References:

Vulnerable Software & Versions:

CVE-2002-0493  

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
CWE-254 7PK - Security Features

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2009-3548  

The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
CWE-255 Credentials Management Errors

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2013-2185  

The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: HIGH (7.5)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2003-0044  

Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2013-4444  

Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
CWE-94 Improper Control of Generation of Code ('Code Injection')

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:
  • secalert@redhat.com - Patch

Vulnerable Software & Versions:

CVE-2013-6357  

Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."
CWE-352 Cross-Site Request Forgery (CSRF)

CVSSv2:
  • Base Score: MEDIUM (6.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

References:

Vulnerable Software & Versions:

CVE-2000-0760  

The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (6.4)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2013-4286  

Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
CWE-20 Improper Input Validation

CVSSv2:
  • Base Score: MEDIUM (5.8)
  • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

References:

Vulnerable Software & Versions:

CVE-2000-0672  

The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
NVD-CWE-noinfo

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2000-1210  

Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2001-0590  

Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2002-1148  

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2002-2006  

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2003-0042  

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2003-0043  

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2003-0045  

Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2005-0808  

Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
NVD-CWE-Other

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2008-0128  

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
CWE-16 Configuration

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

Vulnerable Software & Versions:

CVE-2014-0075  

Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
CWE-189 Numeric Errors

CVSSv2:
  • Base Score: MEDIUM (5.0)
  • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

References:

Vulnerable Software & Versions:

CVE-2005-4838  

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp.  NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:
  • secalert@redhat.com - Patch

Vulnerable Software & Versions:

CVE-2006-7196  

Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors.  NOTE: this may be related to CVE-2006-0254.1.
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv2:
  • Base Score: MEDIUM (4.3)
  • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

    Vulnerable Software & Versions: (show all)

    CVE-2007-2449  

    Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
    NVD-CWE-Other

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

    References:
    • secalert@redhat.com - Patch

    Vulnerable Software & Versions: (show all)

    CVE-2009-2696  

    Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
    CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

    References:

    Vulnerable Software & Versions:

    CVE-2013-4322  

    Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
    CWE-20 Improper Input Validation

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2013-4590  

    Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
    CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0096  

    java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
    CWE-264 Permissions, Privileges, and Access Controls

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0099  

    Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
    CWE-189 Numeric Errors

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0119  

    Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
    CWE-264 Permissions, Privileges, and Access Controls

    CVSSv2:
    • Base Score: MEDIUM (4.3)
    • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2007-1358  

    Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
    CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

    CVSSv2:
    • Base Score: LOW (2.6)
    • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N

    References:

    Vulnerable Software & Versions: (show all)

    tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: bootstrap.jar

    File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\bin\bootstrap.jar
    MD5: 3ccc80b5d5091eb82092a4e9aa80a959
    SHA1: 9aa9cd83e516bacb42d1e9c840c477df898a35cc
    SHA256:34dfc4bbdb0d32f24f2e8c5a5ad88e2cb4f27cb99b886ada138053b20d88e777
    Referenced In Project/Scope: tomcat11-config:provided

    Identifiers

    CVE-2023-28709  

    The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP       connector settings were used such that the maxParameterCount��could be reached using query string parameters and a request was       submitted that supplied exactly maxParameterCount parameters��in the query string, the limit for uploaded request parts could be��bypassed with the potential for a denial of service to occur.
    
    
    
    
    
    CWE-193 Off-by-one Error

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-34981  

    A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.
    CWE-732 Incorrect Permission Assignment for Critical Resource, NVD-CWE-noinfo

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-44487  

    CISA Known Exploited Vulnerability:
    • Product: IETF HTTP/2
    • Name: HTTP/2 Rapid Reset Attack Vulnerability
    • Date Added: 2023-10-10
    • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
    • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
    • Due Date: 2023-10-31
    • Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-44487

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
    CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-46589  

    Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

    Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
    CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-41080  

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.
    
    The vulnerability is limited to the ROOT (default) web application.
    CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

    CVSSv3:
    • Base Score: MEDIUM (6.1)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-42795  

    Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next.

    Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
    CWE-459 Incomplete Cleanup

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-45648  

    Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

    Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
    CWE-20 Improper Input Validation, NVD-CWE-Other

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-28708  

    When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
    CWE-523 Unprotected Transport of Credentials

    CVSSv3:
    • Base Score: MEDIUM (4.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: catalina-ant.jar

    File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\lib\catalina-ant.jar
    MD5: 72a78cfbd8b4f8a865c03d774b1d62c3
    SHA1: 43272c32d55c52d43534f1ad4a0a433cf5c602fa
    SHA256:b54267d9d31e1bc2cb3b9582e170728754b95463765018acc0d52378c4091445
    Referenced In Project/Scope: tomcat11-config:provided

    Identifiers

    CVE-2023-28709  

    The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.
    CWE-193 Off-by-one Error

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-34981  

    A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request, leading to an information leak.
    CWE-732 Incorrect Permission Assignment for Critical Resource, NVD-CWE-noinfo

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-44487  

    CISA Known Exploited Vulnerability:
    • Product: IETF HTTP/2
    • Name: HTTP/2 Rapid Reset Attack Vulnerability
    • Date Added: 2023-10-10
    • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
    • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
    • Due Date: 2023-10-31
    • Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-44487

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
    CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-46589  

    Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

    Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
    CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-41080  

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.
    
    The vulnerability is limited to the ROOT (default) web application.
    CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

    CVSSv3:
    • Base Score: MEDIUM (6.1)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-42795  

    Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next.

    Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
    CWE-459 Incomplete Cleanup

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-45648  

    Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

    Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
    CWE-20 Improper Input Validation, NVD-CWE-Other

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-28708  

    When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
    CWE-523 Unprotected Transport of Credentials

    CVSSv3:
    • Base Score: MEDIUM (4.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: catalina-ha.jar

    License:

    https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\lib\catalina-ha.jar
    MD5: 816221d3c16ae4fd5952008cfd4a7d88
    SHA1: 76700be47a2bb57d26a93e50ca72ef184f51733e
    SHA256:c5f6ee5139aa7069b6ed77cf2a1159e3f962837a5e6bdd020ae8c3abe651ea89
    Referenced In Project/Scope: tomcat11-config:provided

    Identifiers

    tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: catalina.jar

    License:

    https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\lib\catalina.jar
    MD5: 899e792378da1e6b10cafca150b5f681
    SHA1: a2064606903dfb5fc6b340f0bfcda13354bb274f
    SHA256:c9e3ebba496a02f156dae19b692cf801457ee692820f043b52aacb77cd462d59
    Referenced In Project/Scope: tomcat11-config:provided

    Identifiers

    CVE-2023-28709  

    The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.
    CWE-193 Off-by-one Error

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-34981  

    A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request, leading to an information leak.
    CWE-732 Incorrect Permission Assignment for Critical Resource, NVD-CWE-noinfo

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-44487  

    CISA Known Exploited Vulnerability:
    • Product: IETF HTTP/2
    • Name: HTTP/2 Rapid Reset Attack Vulnerability
    • Date Added: 2023-10-10
    • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
    • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
    • Due Date: 2023-10-31
    • Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-44487

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
    CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-46589  

    Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

    Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
    CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-41080  

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.
    
    The vulnerability is limited to the ROOT (default) web application.
    CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

    CVSSv3:
    • Base Score: MEDIUM (6.1)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-42795  

    Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next.

    Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
    CWE-459 Incomplete Cleanup

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-45648  

    Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

    Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
    CWE-20 Improper Input Validation, NVD-CWE-Other

    CVSSv3:
    • Base Score: MEDIUM (5.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2023-28708  

    When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
    CWE-523 Unprotected Transport of Credentials

    CVSSv3:
    • Base Score: MEDIUM (4.3)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: commons-daemon.jar

    Description:

        Apache Commons Daemon software is a set of utilities and Java support
        classes for running Java applications as server processes. These are
        commonly known as 'daemon' processes in Unix terminology (hence the
        name). On Windows they are called 'services'.
      

    License:

    https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\bin\commons-daemon.jar
    MD5: fb4cdbbdb3ab0dc65b1c1928641b3aed
    SHA1: cc65de9f1914a2a42e3868d15a341626cfdc1155
    SHA256:6b8e35b13f27f265fed0caa7c4ce9d13b790662af5f48cb7d41df394de759dbd
    Referenced In Project/Scope: tomcat11-config:provided

    Identifiers

    tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: ecj-4.33.jar

    File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\lib\ecj-4.33.jar
    MD5: 8214ba6951532adf736db71645a7b44d
    SHA1: da787c5669578ffd5324bf29c18b361904a5a1bb
    SHA256:01f5a92ac19bb2b3bf85e295a68f2c73c264369109158b566ce9b490af982948
    Referenced In Project/Scope: tomcat11-config:provided

    Identifiers

    • None

    tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: el-api.jar

    License:

    https://www.apache.org/licenses/LICENSE-2.0.txt
    File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\lib\el-api.jar
    MD5: 20bad8d745eb8ab823974aa47aac7a57
    SHA1: 6983a253b34d117d144f0830466decbc5b43bb25
    SHA256:c8d3778d563d73d978419897f6751a8ff9974a48a67d25a08c2b142eb92d6628
    Referenced In Project/Scope: tomcat11-config:provided

    Identifiers

    CVE-2016-8735  

    CISA Known Exploited Vulnerability:
    • Product: Apache Tomcat
    • Name: Apache Tomcat Remote Code Execution Vulnerability
    • Date Added: 2023-05-12
    • Description: Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.
    • Required Action: Apply updates per vendor instructions.
    • Due Date: 2023-06-02
    • Notes: https://tomcat.apache.org/security-9.html; https://nvd.nist.gov/vuln/detail/CVE-2016-8735

    Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
    NVD-CWE-noinfo

    CVSSv2:
    • Base Score: HIGH (7.5)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
    CVSSv3:
    • Base Score: CRITICAL (9.8)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2016-5018  

    In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
    NVD-CWE-noinfo

    CVSSv2:
    • Base Score: MEDIUM (6.4)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N
    CVSSv3:
    • Base Score: CRITICAL (9.1)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2016-0714  

    The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.
    CWE-264 Permissions, Privileges, and Access Controls

    CVSSv2:
    • Base Score: MEDIUM (6.5)
    • Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P
    CVSSv3:
    • Base Score: HIGH (8.8)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2016-5388  

    Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.
    CWE-284 Improper Access Control

    CVSSv2:
    • Base Score: MEDIUM (5.1)
    • Vector: /AV:N/AC:H/Au:N/C:P/I:P/A:P
    CVSSv3:
    • Base Score: HIGH (8.1)
    • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:2.2/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2014-0230  

    Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle cases where an HTTP response occurs before finishing the reading of an entire request body, which allows remote attackers to cause a denial of service (thread consumption) via a series of aborted upload attempts.
    CWE-399 Resource Management Errors

    CVSSv2:
    • Base Score: HIGH (7.8)
    • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2020-8022  

    An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
    CWE-276 Incorrect Default Permissions

    CVSSv2:
    • Base Score: HIGH (7.2)
    • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
    CVSSv3:
    • Base Score: HIGH (7.8)
    • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2009-3548  

    The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
    CWE-255 Credentials Management Errors

    CVSSv2:
    • Base Score: HIGH (7.5)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2011-3190  

    Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.
    CWE-264 Permissions, Privileges, and Access Controls

    CVSSv2:
    • Base Score: HIGH (7.5)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2013-2185  

    The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186. NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
    CWE-20 Improper Input Validation

    CVSSv2:
    • Base Score: HIGH (7.5)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2016-6796  

    A malicious web application running on Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 was able to bypass a configured SecurityManager via manipulation of the configuration parameters for the JSP Servlet.
    NVD-CWE-noinfo

    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N
    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2016-6797  

    The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not limit web application access to global JNDI resources to those resources explicitly linked to the web application. Therefore, it was possible for a web application to access any global JNDI resource whether an explicit ResourceLink had been configured or not.
    CWE-863 Incorrect Authorization

    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

    Vulnerable Software & Versions: (show all)

    CVE-2017-5647  

    A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.
    CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

    CVSSv2:
    • Base Score: MEDIUM (5.0)
    • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
    CVSSv3:
    • Base Score: HIGH (7.5)
    • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

    References:

      Vulnerable Software & Versions: (show all)

      CVE-2016-6816  

      The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other than their own.
      CWE-20 Improper Input Validation

      CVSSv2:
      • Base Score: MEDIUM (6.8)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
      CVSSv3:
      • Base Score: HIGH (7.1)
      • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L/E:2.8/RC:R/MAV:A

      References:

      Vulnerable Software & Versions: (show all)

      CVE-2013-4444  

      Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
      CWE-94 Improper Control of Generation of Code ('Code Injection')

      CVSSv2:
      • Base Score: MEDIUM (6.8)
      • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

      References:
      • secalert@redhat.com - Patch

      Vulnerable Software & Versions:

      CVE-2010-2227  

      Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 beta does not properly handle an invalid Transfer-Encoding header, which allows remote attackers to cause a denial of service (application outage) or obtain sensitive information via a crafted header that interferes with "recycling of a buffer."
      CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

      CVSSv2:
      • Base Score: MEDIUM (6.4)
      • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P

      References:

      Vulnerable Software & Versions:

      CVE-2010-4312  

      The default configuration of Apache Tomcat 6.x does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to hijack a session via script access to a cookie.
      CWE-16 Configuration

      CVSSv2:
      • Base Score: MEDIUM (6.4)
      • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:P

      References:

        Vulnerable Software & Versions:

        CVE-2014-0227  

        java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat 6.x before 6.0.42, 7.x before 7.0.55, and 8.x before 8.0.9 does not properly handle attempts to continue reading data after an error has occurred, which allows remote attackers to conduct HTTP request smuggling attacks or cause a denial of service (resource consumption) by streaming data with malformed chunked transfer coding.
        CWE-19 Data Processing Errors

        CVSSv2:
        • Base Score: MEDIUM (6.4)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:P

        References:

        Vulnerable Software & Versions:

        CVE-2016-0762  

        The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
        CWE-203 Observable Discrepancy

        CVSSv2:
        • Base Score: MEDIUM (4.3)
        • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N
        CVSSv3:
        • Base Score: MEDIUM (5.9)
        • Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:2.2/RC:R/MAV:A

        References:

        Vulnerable Software & Versions:

        CVE-2009-2693  

        Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat entry.
        CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

        CVSSv2:
        • Base Score: MEDIUM (5.8)
        • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:P

        References:

        Vulnerable Software & Versions:

        CVE-2013-4286  

        Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header. NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
        CWE-20 Improper Input Validation

        CVSSv2:
        • Base Score: MEDIUM (5.8)
        • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

        References:

        Vulnerable Software & Versions:

        CVE-2015-5345  

        The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.
        CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
        CVSSv3:
        • Base Score: MEDIUM (5.3)
        • Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions:

        CVE-2016-6794  

        When a SecurityManager is configured, a web application's ability to read system properties should be controlled by the SecurityManager. In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70, 6.0.0 to 6.0.45 the system property replacement feature for configuration files could be used by a malicious web application to bypass the SecurityManager and read system properties that should not be visible.
        NVD-CWE-noinfo

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N
        CVSSv3:
        • Base Score: MEDIUM (5.3)
        • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

        References:

        Vulnerable Software & Versions:

        CVE-2007-0450  

        Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and (3) URL-encoded backslash (%5C) characters in the URL, which are valid separators in Tomcat but not in Apache.
        CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

        References:

        Vulnerable Software & Versions:

        CVE-2007-5333  

        Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks. NOTE: this issue exists because of an incomplete fix for CVE-2007-3385.
        CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

        References:

        Vulnerable Software & Versions:

        CVE-2008-2370  

        Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
        CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

        References:

        Vulnerable Software & Versions:

        CVE-2008-5515  

        Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct directory traversal attacks via .. (dot dot) sequences and the WEB-INF directory in a Request.
        CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

        References:
        • secalert@redhat.com - Patch

        Vulnerable Software & Versions:

        CVE-2009-0033  

        Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when the Java AJP connector and mod_jk load balancing are used, allows remote attackers to cause a denial of service (application outage) via a crafted request with invalid headers, related to temporary blocking of connectors that have encountered errors, as demonstrated by an error involving a malformed HTTP Host header.
        CWE-20 Improper Input Validation

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

        References:

        Vulnerable Software & Versions:

        CVE-2011-0534  

        Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not enforce the maxHttpHeaderSize limit for requests involving the NIO HTTP connector, which allows remote attackers to cause a denial of service (OutOfMemoryError) via a crafted request.
        CWE-399 Resource Management Errors

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

        References:

        Vulnerable Software & Versions:

        CVE-2011-1184  

        The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, related to lack of checking of nonce (aka server nonce) and nc (aka nonce-count or client nonce count) values.
        CWE-264 Permissions, Privileges, and Access Controls

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

        References:

        Vulnerable Software & Versions:

        CVE-2011-4858  

        Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
        CWE-399 Resource Management Errors

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

        References:

        Vulnerable Software & Versions:

        CVE-2011-5062  

        The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.
        CWE-264 Permissions, Privileges, and Access Controls

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

        References:

        Vulnerable Software & Versions:

        CVE-2012-0022  

        Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
        CWE-189 Numeric Errors

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

        References:

        Vulnerable Software & Versions:

        CVE-2012-2733  

        java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP NIO connector in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28 does not properly restrict the request-header size, which allows remote attackers to cause a denial of service (memory consumption) via a large amount of header data.
        CWE-20 Improper Input Validation

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

        References:

        Vulnerable Software & Versions:

        CVE-2012-3544  

        Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming data.
        CWE-20 Improper Input Validation

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

        References:

        Vulnerable Software & Versions:

        CVE-2012-5885  

        The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka client nonce) values instead of nonce (aka server nonce) and nc (aka nonce-count) values, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests, a different vulnerability than CVE-2011-1184.
        CWE-264 Permissions, Privileges, and Access Controls

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

        References:

        Vulnerable Software & Versions:

        CVE-2012-5886  

        The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session state, which makes it easier for remote attackers to bypass authentication via vectors related to the session ID.
        CWE-287 Improper Authentication

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

        References:

        Vulnerable Software & Versions:

        CVE-2012-5887  

        The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests.
        CWE-287 Improper Authentication

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

        References:

        Vulnerable Software & Versions:

        CVE-2014-0075  

        Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
        CWE-189 Numeric Errors

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

        References:

        Vulnerable Software & Versions:

        CVE-2014-7810  

        The Expression Language (EL) implementation in Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.58, and 8.x before 8.0.16 does not properly consider the possibility of an accessible interface implemented by an inaccessible class, which allows attackers to bypass a SecurityManager protection mechanism via a web application that leverages use of incorrect privileges during EL evaluation.
        CWE-284 Improper Access Control

        CVSSv2:
        • Base Score: MEDIUM (5.0)
        • Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

        References:

        Vulnerable Software & Versions:

        CVE-2011-2526  

        Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.19, when sendfile is enabled for the HTTP APR or HTTP NIO connector, does not validate certain request attributes, which allows local users to bypass intended file access restrictions or cause a denial of service (infinite loop or JVM crash) by leveraging an untrusted web application.
        CWE-20 Improper Input Validation

        CVSSv2:
        • Base Score: MEDIUM (4.4)
        • Vector: /AV:L/AC:M/Au:N/C:P/I:P/A:P

        References:
        • secalert@redhat.com - Patch

        Vulnerable Software & Versions:

        CVE-2007-1355  

        Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
        NVD-CWE-Other

        CVSSv2:
        • Base Score: MEDIUM (4.3)
        • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

        References:

        Vulnerable Software & Versions:

        CVE-2007-2449  

        Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
        NVD-CWE-Other

        CVSSv2:
        • Base Score: MEDIUM (4.3)
        • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

        References:
        • secalert@redhat.com - Patch

        Vulnerable Software & Versions:

        CVE-2007-3382  

        Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 treats single quotes ("'") as delimiters in cookies, which might cause sensitive information such as session IDs to be leaked and allow remote attackers to conduct session hijacking attacks.
        CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

        CVSSv2:
        • Base Score: MEDIUM (4.3)
        • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

        References:
        • secalert@redhat.com - Patch

        Vulnerable Software & Versions:

        CVE-2007-3385  

        Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 to 4.1.36, and 3.3 to 3.3.2 does not properly handle the \" character sequence in a cookie value, which might cause sensitive information such as session IDs to be leaked to remote attackers and enable session hijacking attacks.
        CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

        CVSSv2:
        • Base Score: MEDIUM (4.3)
        • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

        References:
        • secalert@redhat.com - Patch

        Vulnerable Software & Versions:

        CVE-2007-3386  

        Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
        CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

        CVSSv2:
        • Base Score: MEDIUM (4.3)
        • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

        References:
        • secalert@redhat.com - Patch

        Vulnerable Software & Versions:

        CVE-2007-6286  

        Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recent requests," as demonstrated by using netcat to send the empty request.
        NVD-CWE-Other

        CVSSv2:
        • Base Score: MEDIUM (4.3)
        • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

        References:

          Vulnerable Software & Versions:

          CVE-2008-1232  

          Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
          CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2008-1947  

          Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.
          CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2008-2938  

          Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
          CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2009-0580  

          Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter.
          CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2009-0781  

          Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."
          CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2009-2901  

          The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests.
          CWE-264 Permissions, Privileges, and Access Controls

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2009-2902  

          Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
          CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2011-0013  

          Multiple cross-site scripting (XSS) vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag.
          CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2011-5063  

          The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check realm values, which might allow remote attackers to bypass intended access restrictions by leveraging the availability of a protection space with weaker authentication or authorization requirements, a different vulnerability than CVE-2011-1184.
          CWE-287 Improper Authentication

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2011-5064  

          DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server secret (aka private key), which makes it easier for remote attackers to bypass cryptographic protection mechanisms by leveraging knowledge of this string, a different vulnerability than CVE-2011-1184.
          CWE-310 Cryptographic Issues

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2012-3546  

          org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then placing /j_security_check at the end of a URI.
          CWE-264 Permissions, Privileges, and Access Controls

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2012-4431  

          org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.32 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier.
          CWE-264 Permissions, Privileges, and Access Controls

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2013-4322  

          Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
          CWE-20 Improper Input Validation

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

          References:

          Vulnerable Software & Versions:

          CVE-2013-4590  

          Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
          CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2014-0096  

          java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
          CWE-264 Permissions, Privileges, and Access Controls

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2014-0099  

          Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
          CWE-189 Numeric Errors

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2014-0119  

          Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
          CWE-264 Permissions, Privileges, and Access Controls

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2015-5174  

          Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
          CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

          CVSSv2:
          • Base Score: MEDIUM (4.0)
          • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N
          CVSSv3:
          • Base Score: MEDIUM (4.3)
          • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

          References:

          Vulnerable Software & Versions:

          CVE-2016-0706  

          Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.
          CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

          CVSSv2:
          • Base Score: MEDIUM (4.0)
          • Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N
          CVSSv3:
          • Base Score: MEDIUM (4.3)
          • Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

          References:

          Vulnerable Software & Versions:

          CVE-2009-0783  

          Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 permits web applications to replace an XML parser used for other web applications, which allows local users to read or modify the (1) web.xml, (2) context.xml, or (3) tld files of arbitrary web applications via a crafted application that is loaded earlier than the target application.
          CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

          CVSSv2:
          • Base Score: MEDIUM (4.6)
          • Vector: /AV:L/AC:L/Au:N/C:P/I:P/A:P
          CVSSv3:
          • Base Score: MEDIUM (4.2)
          • Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:0.8/RC:R/MAV:A

          References:

          Vulnerable Software & Versions:

          CVE-2007-2450  

          Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
          CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

          CVSSv2:
          • Base Score: LOW (3.5)
          • Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2010-1157  

          Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the realm field in the WWW-Authenticate header in the reply.
          CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

          CVSSv2:
          • Base Score: LOW (2.6)
          • Vector: /AV:N/AC:H/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2012-4534  

          org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to cause a denial of service (infinite loop) by terminating the connection during the reading of a response.
          CWE-399 Resource Management Errors

          CVSSv2:
          • Base Score: LOW (2.6)
          • Vector: /AV:N/AC:H/Au:N/C:N/I:N/A:P

          References:

          Vulnerable Software & Versions:

          CVE-2011-2204  

          Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file.
          CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

          CVSSv2:
          • Base Score: LOW (1.9)
          • Vector: /AV:L/AC:M/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2010-3718  

          Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running within a SecurityManager, does not make the ServletContext attribute read-only, which allows local web applications to read or write files outside of the intended working directory, as demonstrated using a directory traversal attack.
          NVD-CWE-Other

          CVSSv2:
          • Base Score: LOW (1.2)
          • Vector: /AV:L/AC:H/Au:N/C:N/I:P/A:N

          References:

          Vulnerable Software & Versions:

          tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: jakartaee-migration-1.0.8-shaded.jar

          Description:

          The aim of the tool is to take a web application written for Java EE 8 that runs on Apache Tomcat 9 and convert it automatically so it runs on Apache Tomcat 10 which implements Jakarta EE 9.

          File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\lib\jakartaee-migration-1.0.8-shaded.jar
          MD5: bc5265465d7c641bbd5c9f2b057decc1
          SHA1: 56eb518000183b5f3eface92fb9e9ccd1cbaee09
          SHA256: 6d8d96de63eeced7397146b23f85f7b3a09df9f09c5557e066f5f2127039cc4a
          Referenced In Project/Scope: tomcat11-config:provided

          Identifiers

          tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: jasper-el.jar

          License:

          https://www.apache.org/licenses/LICENSE-2.0.txt
          File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\lib\jasper-el.jar
          MD5: 9df1e241b14a9db7c4bd8a9218a9d6c4
          SHA1: 59512ed089fa898eb55ccfe458a5a02368e84956
          SHA256: 6ce691d51e48db7da94b2cd47ddea588158083dbfe8d5d693ddc687af69addf6
          Referenced In Project/Scope: tomcat11-config:provided

          Identifiers

          • cpe:2.3:a:apache_tomcat:apache_tomcat:11.0.0:*:*:*:*:*:*:*  (Confidence:Low)  

          tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: jasper.jar

          License:

          https://www.apache.org/licenses/LICENSE-2.0.txt
          File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\lib\jasper.jar
          MD5: 13016420824511bdef845fce407cc951
          SHA1: 30c0af26326b45f7a2846f57eec94f0e101cda19
          SHA256: 91532319ee5baa71c0e15395572a1a6579ee7f6127c646dd8fbbdac1770efda7
          Referenced In Project/Scope: tomcat11-config:provided

          Identifiers

          tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: jaspic-api.jar

          License:

          https://www.apache.org/licenses/LICENSE-2.0.txt
          File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\lib\jaspic-api.jar
          MD5: 745003b9c0dcefa8d41f3e2c110a3af0
          SHA1: a641d668da60d234ddd1031c7de2e2e97bcaef98
          SHA256: e867538f25f2819e09cc37ac1dfcfa451c22b340f8bad94877afacf4f6ae01e0
          Referenced In Project/Scope: tomcat11-config:provided

          Identifiers

          CVE-2016-8735  

          CISA Known Exploited Vulnerability:
          • Product: Apache Tomcat
          • Name: Apache Tomcat Remote Code Execution Vulnerability
          • Date Added: 2023-05-12
          • Description: Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.
          • Required Action: Apply updates per vendor instructions.
          • Due Date: 2023-06-02
          • Notes: https://tomcat.apache.org/security-9.html; https://nvd.nist.gov/vuln/detail/CVE-2016-8735

          Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
          NVD-CWE-noinfo

          CVSSv2:
          • Base Score: HIGH (7.5)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
          CVSSv3:
          • Base Score: CRITICAL (9.8)
          • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

          References:

          Vulnerable Software & Versions:

          CVE-2020-8022  

          An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
          CWE-276 Incorrect Default Permissions

          CVSSv2:
          • Base Score: HIGH (7.2)
          • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
          CVSSv3:
          • Base Score: HIGH (7.8)
          • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A

          References:

          Vulnerable Software & Versions:

          CVE-2002-0493  

          Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
          CWE-254 7PK - Security Features

          CVSSv2:
          • Base Score: HIGH (7.5)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions:

          CVE-2009-3548  

          The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
          CWE-255 Credentials Management Errors

          CVSSv2:
          • Base Score: HIGH (7.5)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions:

          CVE-2013-2185  

          The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186.  NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
          CWE-20 Improper Input Validation

          CVSSv2:
          • Base Score: HIGH (7.5)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions:

          CVE-2003-0044  

          Multiple cross-site scripting (XSS) vulnerabilities in the (1) examples and (2) ROOT web applications for Jakarta Tomcat 3.x through 3.3.1a allow remote attackers to insert arbitrary web script or HTML.
          NVD-CWE-Other

          CVSSv2:
          • Base Score: MEDIUM (6.8)
          • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions:

          CVE-2013-4444  

          Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
          CWE-94 Improper Control of Generation of Code ('Code Injection')

          CVSSv2:
          • Base Score: MEDIUM (6.8)
          • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

          References:
          • secalert@redhat.com - Patch

          Vulnerable Software & Versions:

          CVE-2013-6357  

          Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI.  NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."
          CWE-352 Cross-Site Request Forgery (CSRF)

          CVSSv2:
          • Base Score: MEDIUM (6.8)
          • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

          References:

          Vulnerable Software & Versions:

          CVE-2000-0759  

          Jakarta Tomcat 3.1 under Apache reveals physical path information when a remote attacker requests a URL that does not exist, which generates an error message that includes the physical path.
          NVD-CWE-Other

          CVSSv2:
          • Base Score: MEDIUM (6.4)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2000-0760  

          The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals sensitive system information when a remote attacker requests a nonexistent URL with a .snp extension.
          NVD-CWE-Other

          CVSSv2:
          • Base Score: MEDIUM (6.4)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2013-4286  

          Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
          CWE-20 Improper Input Validation

          CVSSv2:
          • Base Score: MEDIUM (5.8)
          • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2000-0672  

          The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
          NVD-CWE-noinfo

          CVSSv2:
          • Base Score: MEDIUM (5.0)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2000-1210  

          Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
          NVD-CWE-Other

          CVSSv2:
          • Base Score: MEDIUM (5.0)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2001-0590  

          Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
          NVD-CWE-Other

          CVSSv2:
          • Base Score: MEDIUM (5.0)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2002-1148  

          The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
          NVD-CWE-Other

          CVSSv2:
          • Base Score: MEDIUM (5.0)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2002-2006  

          The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
          NVD-CWE-Other

          CVSSv2:
          • Base Score: MEDIUM (5.0)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2003-0042  

          Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
          NVD-CWE-Other

          CVSSv2:
          • Base Score: MEDIUM (5.0)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2003-0043  

          Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
          NVD-CWE-Other

          CVSSv2:
          • Base Score: MEDIUM (5.0)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2003-0045  

          Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.
          NVD-CWE-Other

          CVSSv2:
          • Base Score: MEDIUM (5.0)
          • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

          References:

          Vulnerable Software & Versions:

          CVE-2005-0808  

          Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.
          NVD-CWE-Other

          CVSSv2:
          • Base Score: MEDIUM (5.0)
          • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

          References:

          Vulnerable Software & Versions:

          CVE-2008-0128  

          The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
          CWE-16 Configuration

          CVSSv2:
          • Base Score: MEDIUM (5.0)
          • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

          References:

          Vulnerable Software & Versions:

          CVE-2014-0075  

          Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
          CWE-189 Numeric Errors

          CVSSv2:
          • Base Score: MEDIUM (5.0)
          • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

          References:

          Vulnerable Software & Versions:

          CVE-2005-4838  

          Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp.  NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
          CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

          References:
          • secalert@redhat.com - Patch

          Vulnerable Software & Versions:

          CVE-2006-7196  

          Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors.  NOTE: this may be related to CVE-2006-0254.1.
          CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

          CVSSv2:
          • Base Score: MEDIUM (4.3)
          • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

          References:

            Vulnerable Software & Versions:

            CVE-2007-2449  

            Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
            NVD-CWE-Other

            CVSSv2:
            • Base Score: MEDIUM (4.3)
            • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

            References:
            • secalert@redhat.com - Patch

            Vulnerable Software & Versions:

            CVE-2009-2696  

            Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
            CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

            CVSSv2:
            • Base Score: MEDIUM (4.3)
            • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

            References:

            Vulnerable Software & Versions:

            CVE-2013-4322  

            Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
            CWE-20 Improper Input Validation

            CVSSv2:
            • Base Score: MEDIUM (4.3)
            • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

            References:

            Vulnerable Software & Versions:

            CVE-2013-4590  

            Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
            CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

            CVSSv2:
            • Base Score: MEDIUM (4.3)
            • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

            References:

            Vulnerable Software & Versions:

            CVE-2014-0096  

            java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
            CWE-264 Permissions, Privileges, and Access Controls

            CVSSv2:
            • Base Score: MEDIUM (4.3)
            • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

            References:

            Vulnerable Software & Versions:

            CVE-2014-0099  

            Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
            CWE-189 Numeric Errors

            CVSSv2:
            • Base Score: MEDIUM (4.3)
            • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

            References:

            Vulnerable Software & Versions:

            CVE-2014-0119  

            Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
            CWE-264 Permissions, Privileges, and Access Controls

            CVSSv2:
            • Base Score: MEDIUM (4.3)
            • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

            References:

            Vulnerable Software & Versions:

            CVE-2007-1358  

            Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
            CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

            CVSSv2:
            • Base Score: LOW (2.6)
            • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N

            References:

            Vulnerable Software & Versions:

            tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: jsp-api.jar

            License:

            https://www.apache.org/licenses/LICENSE-2.0.txt
            File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\lib\jsp-api.jar
            MD5: c226ddfc6a3c4e5052e9226231631c2c
            SHA1: a5a617da2494ecefe119bb1a6ff9e5a796e3bf36
            SHA256: 9c6fec811dc6c8a4b53b4c99445e694a687eee011ea0d7493a51bd26be7c98e2
            Referenced In Project/Scope: tomcat11-config:provided

            Identifiers

            CVE-2016-8735  

            CISA Known Exploited Vulnerability:
            • Product: Apache Tomcat
            • Name: Apache Tomcat Remote Code Execution Vulnerability
            • Date Added: 2023-05-12
            • Description: Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.
            • Required Action: Apply updates per vendor instructions.
            • Due Date: 2023-06-02
            • Notes: https://tomcat.apache.org/security-9.html; https://nvd.nist.gov/vuln/detail/CVE-2016-8735

            Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
            NVD-CWE-noinfo

            CVSSv2:
            • Base Score: HIGH (7.5)
            • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P
            CVSSv3:
            • Base Score: CRITICAL (9.8)
            • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A

            References:

            Vulnerable Software & Versions:

            CVE-2002-2272  

            Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 through 1.3.27, allows remote attackers to cause a denial of service (desynchronized communications) via an HTTP GET request with a Transfer-Encoding chunked field with invalid values.
            CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

            CVSSv2:
            • Base Score: HIGH (7.8)
            • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:C

            References:

            Vulnerable Software & Versions:

            CVE-2020-8022  

            An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
            CWE-276 Incorrect Default Permissions

            CVSSv2:
            • Base Score: HIGH (7.2)
            • Vector: /AV:L/AC:L/Au:N/C:C/I:C/A:C
            CVSSv3:
            • Base Score: HIGH (7.8)
            • Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A

            References:

            Vulnerable Software & Versions:

            CVE-2002-1394  

            Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
            NVD-CWE-Other

            CVSSv2:
            • Base Score: HIGH (7.5)
            • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

            References:

              Vulnerable Software & Versions:

              CVE-2009-3548  

              The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
              CWE-255 Credentials Management Errors

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2013-2185  

              The readObject method in the DiskFileItem class in Apache Tomcat and JBoss Web, as used in Red Hat JBoss Enterprise Application Platform 6.1.0 and Red Hat JBoss Portal 6.0.0, allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance, a similar issue to CVE-2013-2186.  NOTE: this issue is reportedly disputed by the Apache Tomcat team, although Red Hat considers it a vulnerability. The dispute appears to regard whether it is the responsibility of applications to avoid providing untrusted data to be deserialized, or whether this class should inherently protect against this issue.
              CWE-20 Improper Input Validation

              CVSSv2:
              • Base Score: HIGH (7.5)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2013-4444  

              Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execute arbitrary code by uploading and accessing a JSP file.
              CWE-94 Improper Control of Generation of Code ('Code Injection')

              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:
              • secalert@redhat.com - Patch

              Vulnerable Software & Versions:

              CVE-2013-6357  

              Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI.  NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator."
              CWE-352 Cross-Site Request Forgery (CSRF)

              CVSSv2:
              • Base Score: MEDIUM (6.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2013-4286  

              Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which allows remote attackers to trigger incorrect identification of a request's length and conduct request-smuggling attacks via (1) multiple Content-Length headers or (2) a Content-Length header and a "Transfer-Encoding: chunked" header.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2005-2090.
              CWE-20 Improper Input Validation

              CVSSv2:
              • Base Score: MEDIUM (5.8)
              • Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

              References:

              Vulnerable Software & Versions:

              CVE-2002-1148  

              The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
              NVD-CWE-Other

              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

              References:

              Vulnerable Software & Versions:

              CVE-2002-2006  

              The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
              NVD-CWE-Other

              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

              References:

              Vulnerable Software & Versions:

              CVE-2003-0866  

              The Catalina org.apache.catalina.connector.http package in Tomcat 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service via several requests that do not follow the HTTP protocol, which causes Tomcat to reject later requests.
              NVD-CWE-Other

              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2008-0128  

              The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
              CWE-16 Configuration

              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

              References:

              Vulnerable Software & Versions:

              CVE-2014-0075  

              Integer overflow in the parseChunkHeader function in java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 allows remote attackers to cause a denial of service (resource consumption) via a malformed chunk size in chunked transfer coding of a request during the streaming of data.
              CWE-189 Numeric Errors

              CVSSv2:
              • Base Score: MEDIUM (5.0)
              • Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

              References:

              Vulnerable Software & Versions:

              CVE-2005-4838  

              Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp.  NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.
              CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

              CVSSv2:
              • Base Score: MEDIUM (4.3)
              • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

              References:
              • secalert@redhat.com - Patch

              Vulnerable Software & Versions:

              CVE-2006-7196  

              Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors.  NOTE: this may be related to CVE-2006-0254.1.
              CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

              CVSSv2:
              • Base Score: MEDIUM (4.3)
              • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

              References:

                Vulnerable Software & Versions:

                CVE-2007-1355  

                Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the test parameter and unspecified vectors.
                NVD-CWE-Other

                CVSSv2:
                • Base Score: MEDIUM (4.3)
                • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

                References:

                Vulnerable Software & Versions:

                CVE-2007-2449  

                Multiple cross-site scripting (XSS) vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI after the ';' character, as demonstrated by a URI containing a "snp/snoop.jsp;" sequence.
                NVD-CWE-Other

                CVSSv2:
                • Base Score: MEDIUM (4.3)
                • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

                References:
                • secalert@redhat.com - Patch

                Vulnerable Software & Versions:

                CVE-2007-3383  

                Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web script or HTML via the From field and possibly other fields, related to generation of error messages.
                NVD-CWE-Other

                CVSSv2:
                • Base Score: MEDIUM (4.3)
                • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

                References:
                • secalert@redhat.com - Patch
                • secalert@redhat.com - Patch
                • secalert@redhat.com - Patch

                Vulnerable Software & Versions:

                CVE-2008-2938  

                Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370.  NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
                CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

                CVSSv2:
                • Base Score: MEDIUM (4.3)
                • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

                References:

                Vulnerable Software & Versions:

                CVE-2009-2696  

                Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.
                CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

                CVSSv2:
                • Base Score: MEDIUM (4.3)
                • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

                References:

                Vulnerable Software & Versions:

                CVE-2013-4322  

                Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace characters in an HTTP header value within a trailer field, which allows remote attackers to cause a denial of service by streaming data.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3544.
                CWE-20 Improper Input Validation

                CVSSv2:
                • Base Score: MEDIUM (4.3)
                • Vector: /AV:N/AC:M/Au:N/C:N/I:N/A:P

                References:

                Vulnerable Software & Versions:

                CVE-2013-4590  

                Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a context.xml, web.xml, *.jspx, *.tagx, or *.tld XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
                CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

                CVSSv2:
                • Base Score: MEDIUM (4.3)
                • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

                References:

                Vulnerable Software & Versions:

                CVE-2014-0096  

                java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
                CWE-264 Permissions, Privileges, and Access Controls

                CVSSv2:
                • Base Score: MEDIUM (4.3)
                • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

                References:

                Vulnerable Software & Versions:

                CVE-2014-0099  

                Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
                CWE-189 Numeric Errors

                CVSSv2:
                • Base Score: MEDIUM (4.3)
                • Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

                References:

                Vulnerable Software & Versions:

                CVE-2014-0119  

                Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.
                CWE-264 Permissions, Privileges, and Access Controls

                CVSSv2:
                • Base Score: MEDIUM (4.3)
                • Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

                References:

                Vulnerable Software & Versions:

                CVE-2007-2450  

                Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager and (2) Host Manager web applications in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote authenticated users to inject arbitrary web script or HTML via a parameter name to manager/html/upload, and other unspecified vectors.
                CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

                CVSSv2:
                • Base Score: LOW (3.5)
                • Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N

                References:

                Vulnerable Software & Versions:

                CVE-2007-5461  

                Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
                CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

                CVSSv2:
                • Base Score: LOW (3.5)
                • Vector: /AV:N/AC:M/Au:S/C:P/I:N/A:N

                References:

                Vulnerable Software & Versions:

                CVE-2007-1358  

                Cross-site scripting (XSS) vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616".
                CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

                CVSSv2:
                • Base Score: LOW (2.6)
                • Vector: /AV:N/AC:H/Au:N/C:N/I:P/A:N

                References:

                Vulnerable Software & Versions:

                CVE-2008-5519  

                The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat allows remote attackers to obtain sensitive information via an arbitrary request from an HTTP client, in opportunistic circumstances involving (1) a request from a different client that included a Content-Length header but no POST data or (2) a rapid series of requests, related to noncompliance with the AJP protocol's requirements for requests containing Content-Length headers.
                CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

                CVSSv2:
                • Base Score: LOW (2.6)
                • Vector: /AV:N/AC:H/Au:N/C:P/I:N/A:N

                References:

                Vulnerable Software & Versions:

                tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: sample.war

                File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\webapps\docs\appdev\sample\sample.war
                MD5: d2d4f972092cfbfe24db3d869e01da96
                SHA1: 8750f6b7a3a67488ca591dd32811e4e985e2613f
                SHA256: 3542637cdc55b620e7392e27d394d8d462245facd51c1182802f2185c61b7c7a
                Referenced In Project/Scope: tomcat11-config:provided

                Identifiers

                • None

                tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: servlet-api.jar

                License:

                https://www.apache.org/licenses/LICENSE-2.0.txt
                File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\lib\servlet-api.jar
                MD5: cd5935d707c61eca43f27b41ef54bfea
                SHA1: c043b7440d374b6bc57e91218d2b29a13d3641d0
                SHA256: 0ed6be6451d385b119a371f9ad3f4c3f4ad125e7d9eec9f60fc7fa66a6dfd4e6
                Referenced In Project/Scope: tomcat11-config:provided

                Identifiers

                CVE-2023-44487  

                CISA Known Exploited Vulnerability:
                • Product: IETF HTTP/2
                • Name: HTTP/2 Rapid Reset Attack Vulnerability
                • Date Added: 2023-10-10
                • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
                • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
                • Due Date: 2023-10-31
                • Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-44487

                The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
                CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

                CVSSv3:
                • Base Score: HIGH (7.5)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-46589  

                Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.

                Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
                CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

                CVSSv3:
                • Base Score: HIGH (7.5)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-41080  

                URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.

                The vulnerability is limited to the ROOT (default) web application.
                CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

                CVSSv3:
                • Base Score: MEDIUM (6.1)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-42795  

                Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next.

                Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
                CWE-459 Incomplete Cleanup

                CVSSv3:
                • Base Score: MEDIUM (5.3)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-45648  

                Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.

                Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
                CWE-20 Improper Input Validation, NVD-CWE-Other

                CVSSv3:
                • Base Score: MEDIUM (5.3)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-28708  

                When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
                CWE-523 Unprotected Transport of Credentials

                CVSSv3:
                • Base Score: MEDIUM (4.3)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: taglibs-standard-impl-1.2.5-migrated-0.0.1.jar

                Description:

                An implementation of the JSP Standard Tag Library (JSTL).

                License:

                http://www.apache.org/licenses/LICENSE-2.0.txt
                File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\webapps\examples\WEB-INF\lib\taglibs-standard-impl-1.2.5-migrated-0.0.1.jar
                MD5: 233e487c265b58bd2d730f90132ddcb4
                SHA1: 6bc6265f361f8efd5f1fb230073983e2d2495cec
                SHA256: 1141c62a014ac1378079876f2c021ecd3b31d6021c6ef856e660d0b49188bbe2
                Referenced In Project/Scope: tomcat11-config:provided

                Identifiers

                tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: tomcat-api.jar

                License:

                https://www.apache.org/licenses/LICENSE-2.0.txt
                File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\lib\tomcat-api.jar
                MD5: eead098089de8ff0478ee1c6f40507e0
                SHA1: 76f39b9d0b4d36b895f7843fc9faf825091bd8ca
                SHA256: 99ee3eb80facd74d40ed34633122f6840177ef543b43c9b90c1b2bef93a46a36
                Referenced In Project/Scope: tomcat11-config:provided

                Identifiers

                CVE-2023-28709  

                The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.
                CWE-193 Off-by-one Error

                CVSSv3:
                • Base Score: HIGH (7.5)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-34981  

                A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request, leading to an information leak.
                CWE-732 Incorrect Permission Assignment for Critical Resource, NVD-CWE-noinfo

                CVSSv3:
                • Base Score: HIGH (7.5)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-44487  

                CISA Known Exploited Vulnerability:
                • Product: IETF HTTP/2
                • Name: HTTP/2 Rapid Reset Attack Vulnerability
                • Date Added: 2023-10-10
                • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
                • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
                • Due Date: 2023-10-31
                • Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-44487

                The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
                CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

                CVSSv3:
                • Base Score: HIGH (7.5)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-46589  

                Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy.

                Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.
                CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

                CVSSv3:
                • Base Score: HIGH (7.5)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions: (show all)

                CVE-2023-41080  

                URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.
                
                The vulnerability is limited to the ROOT (default) web application.
                CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

                CVSSv3:
                • Base Score: MEDIUM (6.1)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

                References:

                Vulnerable Software & Versions: (show all)

                CVE-2023-42795  

                Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could 
                cause Tomcat to skip some parts of the recycling process leading to 
                information leaking from the current request/response to the next.
                
                Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
                
                
                CWE-459 Incomplete Cleanup

                CVSSv3:
                • Base Score: MEDIUM (5.3)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions: (show all)

                CVE-2023-45648  

                Improper Input Validation vulnerability in Apache Tomcat.Tomcat��from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially 
                crafted, invalid trailer header could cause Tomcat to treat a single 
                request as multiple requests leading to the possibility of request 
                smuggling when behind a reverse proxy.
                
                Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
                
                
                CWE-20 Improper Input Validation, NVD-CWE-Other

                CVSSv3:
                • Base Score: MEDIUM (5.3)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions: (show all)

                CVE-2023-28708  

                When using the RemoteIpFilter with requests received from a    reverse proxy via HTTP that include the X-Forwarded-Proto    header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not��include the secure attribute. This could result in the user agent��transmitting the session cookie over an insecure channel.
                
                
                
                
                
                
                
                
                CWE-523 Unprotected Transport of Credentials

                CVSSv3:
                • Base Score: MEDIUM (4.3)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

                References:

                Vulnerable Software & Versions: (show all)

                tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: tomcat-i18n-cs.jar

                File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\lib\tomcat-i18n-cs.jar
                MD5: 1dae9689aed1f6f81dea08a99664acf2
                SHA1: c425111bdc9d1a7935f99becacbcca6906719d60
                SHA256:6cb4d2ec3e64725b823fabf466ddbb01a68e0dcf51ad5430216e447ba7221e83
                Referenced In Project/Scope: tomcat11-config:provided

                Identifiers

                CVE-2023-44487  

                CISA Known Exploited Vulnerability:
                • Product: IETF HTTP/2
                • Name: HTTP/2 Rapid Reset Attack Vulnerability
                • Date Added: 2023-10-10
                • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
                • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
                • Due Date: 2023-10-31
                • Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-44487

                The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
                CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

                CVSSv3:
                • Base Score: HIGH (7.5)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-46589

                Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

                Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

                CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

                CVSSv3:
                • Base Score: HIGH (7.5)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-41080

                URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.

                The vulnerability is limited to the ROOT (default) web application.
                CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

                CVSSv3:
                • Base Score: MEDIUM (6.1)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-42795

                Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next.

                Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.

                CWE-459 Incomplete Cleanup

                CVSSv3:
                • Base Score: MEDIUM (5.3)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-45648

                Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

                Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.

                CWE-20 Improper Input Validation, NVD-CWE-Other

                CVSSv3:
                • Base Score: MEDIUM (5.3)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-28708

                When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.

                CWE-523 Unprotected Transport of Credentials

                CVSSv3:
                • Base Score: MEDIUM (4.3)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: tomcat-juli.jar

                License:

                https://www.apache.org/licenses/LICENSE-2.0.txt
                File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\bin\tomcat-juli.jar
                MD5: c69a4fed8164f6a7293e6ff5aa6c95f6
                SHA1: ee16cfdd905d84e7771969627e1ede3b71e53646
                SHA256:dacb81b048512dfe344f053474d5414dd2b3d93a5347488b29a81767c7dc3bfa
                Referenced In Project/Scope: tomcat11-config:provided

                Identifiers

                tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: websocket-api.jar

                License:

                https://www.apache.org/licenses/LICENSE-2.0.txt
                File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\lib\websocket-api.jar
                MD5: aa0b3573a0abb254249839ffb01926be
                SHA1: 300aedf760d11858a8c5b185fcce2421a88eec42
                SHA256:b0ec010f55a35ff98939558d487a88f9b44211f6e60d70e1fbe9c418f01203c1
                Referenced In Project/Scope: tomcat11-config:provided

                Identifiers

                CVE-2023-44487  

                CISA Known Exploited Vulnerability:
                • Product: IETF HTTP/2
                • Name: HTTP/2 Rapid Reset Attack Vulnerability
                • Date Added: 2023-10-10
                • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
                • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
                • Due Date: 2023-10-31
                • Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-44487

                The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
                CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

                CVSSv3:
                • Base Score: HIGH (7.5)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-46589

                Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

                Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

                CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

                CVSSv3:
                • Base Score: HIGH (7.5)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-41080

                URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.

                The vulnerability is limited to the ROOT (default) web application.
                CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

                CVSSv3:
                • Base Score: MEDIUM (6.1)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-42795

                Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next.

                Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.

                CWE-459 Incomplete Cleanup

                CVSSv3:
                • Base Score: MEDIUM (5.3)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-45648

                Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

                Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.

                CWE-20 Improper Input Validation, NVD-CWE-Other

                CVSSv3:
                • Base Score: MEDIUM (5.3)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-28708

                When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.

                CWE-523 Unprotected Transport of Credentials

                CVSSv3:
                • Base Score: MEDIUM (4.3)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                tomcat-11.0.0.tar.gz: tomcat-11.0.0.tar: websocket-client-api.jar

                License:

                https://www.apache.org/licenses/LICENSE-2.0.txt
                File Path: C:\Users\Jeremy\.m2\repository\org\apache\tomcat\tomcat\11.0.0\tomcat-11.0.0.tar.gz\tomcat-11.0.0.tar\apache-tomcat-11.0.0\lib\websocket-client-api.jar
                MD5: 743a50a0cf766eef110e4d44eda297ba
                SHA1: ca540e7081b759da00abc1dfbc5470fc394ab8ec
                SHA256:2dca77a5c89ce3b92167c7a89762d02a48d0bf362abad739097a48836d284b71
                Referenced In Project/Scope: tomcat11-config:provided

                Identifiers

                CVE-2023-28709  

                The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.

                CWE-193 Off-by-one Error

                CVSSv3:
                • Base Score: HIGH (7.5)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-34981

                A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers, no AJP SEND_HEADERS message would be sent for the response, which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request, leading to an information leak.
                CWE-732 Incorrect Permission Assignment for Critical Resource, NVD-CWE-noinfo

                CVSSv3:
                • Base Score: HIGH (7.5)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-44487

                CISA Known Exploited Vulnerability:
                • Product: IETF HTTP/2
                • Name: HTTP/2 Rapid Reset Attack Vulnerability
                • Date Added: 2023-10-10
                • Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS).
                • Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
                • Due Date: 2023-10-31
                • Notes: This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-44487

                The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
                CWE-400 Uncontrolled Resource Consumption, NVD-CWE-noinfo

                CVSSv3:
                • Base Score: HIGH (7.5)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-46589

                Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

                Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue.

                CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

                CVSSv3:
                • Base Score: HIGH (7.5)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-41080

                URL Redirection to Untrusted Site ('Open Redirect') vulnerability in the FORM authentication feature of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92.

                The vulnerability is limited to the ROOT (default) web application.
                CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

                CVSSv3:
                • Base Score: MEDIUM (6.1)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-42795

                Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next.

                Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.

                CWE-459 Incomplete Cleanup

                CVSSv3:
                • Base Score: MEDIUM (5.3)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-45648

                Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy.

                Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.

                CWE-20 Improper Input Validation, NVD-CWE-Other

                CVSSv3:
                • Base Score: MEDIUM (5.3)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:

                CVE-2023-28708

                When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.

                CWE-523 Unprotected Transport of Credentials

                CVSSv3:
                • Base Score: MEDIUM (4.3)
                • Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:2.8/RC:R/MAV:A

                References:

                Vulnerable Software & Versions:



                This report contains data retrieved from the National Vulnerability Database.
                This report may contain data retrieved from the CISA Known Exploited Vulnerability Catalog.
                This report may contain data retrieved from the Github Advisory Database (via NPM Audit API).
                This report may contain data retrieved from RetireJS.
                This report may contain data retrieved from the Sonatype OSS Index.